Information Security Governance: When Compliance Becomes More Important than Security

Conference object English OPEN
Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif
(2010)
  • Publisher: Springer
  • Related identifiers: doi: 10.1007/978-3-642-15257-3_6
  • Subject: business security strategies | security strategic context | decentralized decision making | [ INFO.INFO-DL ] Computer Science [cs]/Digital Libraries [cs.DL] | Security culture

International audience; Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security gove...